Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240708-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    12-09-2024 01:28

General

  • Target

    db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe

  • Size

    197KB

  • MD5

    db9418a76a2abe061147509567c1b1f2

  • SHA1

    694bc1c41625adc7ecf8648fc980089b33da924a

  • SHA256

    436151a1b0aacd07d9ffef8f5d6f21b7c5a64150522c1502196808210c6e937a

  • SHA512

    4c5dcc368dbfd33c2d2cf7c7651c2da9d2e7e57b6444159fc867a13870567cbeeae2816fb18dbff16f4cd0c5358b79dff14a57a854a4923aa5a596f9e285fb44

  • SSDEEP

    1536:4BejSRINGraIWvKS3MKJ3xULa/5rilh+Y4lJX7ZUf3mesXERgMBSNK/CSSZ/Sppy:RGIQ9SKUZ3xXxrilh+YUJxMcsr6SBHKl

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\a64642.bat "C:\Users\Admin\AppData\Local\Temp\db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /all
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers network information
        PID:1036
      • C:\Windows\SysWOW64\findstr.exe
        findstr "IP" ip1.txt
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3068
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /all
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers network information
        PID:2432
      • C:\Windows\SysWOW64\findstr.exe
        findstr "IP" ip2.txt
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2656
      • C:\Windows\SysWOW64\fc.exe
        fc 1.txt 2.txt
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2760
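
The process tree above is a compact, detectable pattern: a batch file dropped in %TEMP% runs `ipconfig /all` twice, filters each result with `findstr "IP"`, and compares two files with `fc`. The following is an added example and not part of the sandbox report: a Python detection that walks process-creation events and flags a cmd.exe whose children match that chain and whose launcher is a temp-directory executable or batch file. Image paths, command lines and PIDs are copied from the process list above; the event record layout (loosely modelled on Sysmon Event ID 1 fields), the placeholder parent PID of the top-level process, and the benign comparison events are constructed assumptions.

```python
"""Detection for the ipconfig / findstr / fc chain seen in the process tree above.

Added example, not part of the sandbox report. Image paths, command lines and
PIDs are copied from the report's process list; the record layout, the
top-level parent PID (0, not shown in the report) and the benign comparison
set are constructed assumptions.
"""
from collections import defaultdict

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe"

# Constructed process-creation events mirroring the report's process tree.
SAMPLE_EVENTS = [
    {"pid": 3008, "ppid": 0,    "image": SAMPLE_EXE, "cmdline": f'"{SAMPLE_EXE}"'},
    {"pid": 2088, "ppid": 3008, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": rf'cmd.exe /c C:\Users\Admin\AppData\Local\Temp\a64642.bat "{SAMPLE_EXE}"'},
    {"pid": 1036, "ppid": 2088, "image": r"C:\Windows\SysWOW64\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"pid": 3068, "ppid": 2088, "image": r"C:\Windows\SysWOW64\findstr.exe", "cmdline": 'findstr "IP" ip1.txt'},
    {"pid": 2432, "ppid": 2088, "image": r"C:\Windows\SysWOW64\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"pid": 2656, "ppid": 2088, "image": r"C:\Windows\SysWOW64\findstr.exe", "cmdline": 'findstr "IP" ip2.txt'},
    {"pid": 2760, "ppid": 2088, "image": r"C:\Windows\SysWOW64\fc.exe",      "cmdline": "fc 1.txt 2.txt"},
]

# Constructed benign baseline: an interactive shell started from Explorer that
# runs ipconfig once. It must NOT trigger the detection.
BENIGN_EVENTS = [
    {"pid": 500, "ppid": 1,   "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 601, "ppid": 600, "image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"pid": 602, "ppid": 600, "image": r"C:\Windows\System32\findstr.exe", "cmdline": 'findstr "IPv4"'},
]

# User-writable temp locations (assumption: adjust to the environment's policy).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def image_name(path):
    """Lower-cased file name of an image path, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def from_user_temp(text):
    """True if a path or command line references one of the temp locations."""
    lowered = text.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def detect_ipconfig_diff_chain(events):
    """Return one finding per cmd.exe that ran ipconfig /all at least twice,
    spawned findstr.exe and fc.exe, and was launched either by a temp-directory
    executable or via a batch file stored in a temp directory."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    findings = []
    for shell in events:
        if image_name(shell["image"]) != "cmd.exe":
            continue
        kids = children[shell["pid"]]
        names = [image_name(k["image"]) for k in kids]
        ipconfig_all = sum(
            1 for k in kids
            if image_name(k["image"]) == "ipconfig.exe" and "/all" in k["cmdline"].lower()
        )
        parent = by_pid.get(shell["ppid"])
        launcher_in_temp = (
            (parent is not None and from_user_temp(parent["image"]))
            or (".bat" in shell["cmdline"].lower() and from_user_temp(shell["cmdline"]))
        )
        if ipconfig_all >= 2 and "findstr.exe" in names and "fc.exe" in names and launcher_in_temp:
            findings.append({
                "pid": shell["pid"],
                "parent_image": parent["image"] if parent else None,
                "cmdline": shell["cmdline"],
                "child_pids": [k["pid"] for k in kids],
            })
    return findings


if __name__ == "__main__":
    for finding in detect_ipconfig_diff_chain(SAMPLE_EVENTS):
        print(f"cmd.exe PID {finding['pid']} launched by {finding['parent_image']}: "
              f"children {finding['child_pids']}")
    print("benign baseline hits:", detect_ipconfig_diff_chain(BENIGN_EVENTS))
```

The redirections that feed ip1.txt, ip2.txt, 1.txt and 2.txt are handled inside cmd.exe and do not appear as separate processes, so the rule keys on the parent-child chain rather than on file names. An administrator's own "did my address change" script would produce the same ipconfig/findstr/fc sequence, which is why the rule additionally requires the launcher to live in a user-writable temp directory; tune `TEMP_MARKERS` before deploying it against real telemetry.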

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2.TXT

    Filesize

    227B

    MD5

    1a3049ff061b971af0441181dcc4d393

    SHA1

    3926ca39dc8414e98c81ab1598cae4c729f29f73

    SHA256

    283d54fa5494e331a619ace6fa3bd08ada1e050b61fe93c9b38abfa8701a24f4

    SHA512

    98435f8d5b051b1169b182a2c9f66f324fd4f621ef638874ad52b4afb3f6269bec76b9a2da480232c9d37947069d78844c1089b3b87fd23d70406bfbe843c615

  • C:\Users\Admin\AppData\Local\Temp\a64642.bat

    Filesize

    940B

    MD5

    b0c1a5568c7f23172e67f5c0e481d716

    SHA1

    797a50e6c60455d712acb8d724abbc44b16a928d

    SHA256

    7215ed557507c1c5fd5e1c44bafe79749ee3ffe69558093809d1097df8a74699

    SHA512

    20908163f40d1f951d495131122701f1f0eb207cc6229c679715a372394bbcecd986f5b08f2e0d6b77f40db6c950da6aef6fa54260e91583e7781eca06b3c2c0

  • C:\Users\Admin\AppData\Local\Temp\ip1.txt

    Filesize

    1KB

    MD5

    bcfc5ad4913aa34a0e14e3c77ff25fb2

    SHA1

    e9fd2b9eb996e17a40bf5940887b908eed46e888

    SHA256

    9a2470c1cd2b8584c105d26ab803aec791d328248bc9c9b488a81d28599cc660

    SHA512

    87168a094e18e8cae6c70660825d965361ffbed7b779160bbf6c1f19ec22c29ed5553569b147d8b291301a2857a0be9d5bfd69f19ca7563a6aeb6aa21883ba4d

  • memory/3008-13-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB